[
https://issues.apache.org/jira/browse/JCR-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13019714#comment-13019714
]
Tobias Bocanegra edited comment on JCR-2937 at 4/14/11 7:43 AM:
----------------------------------------------------------------
from JCR-2700:
> an empty string restriction forces the ACE to take effect on the node it has
> been applied.
which means in this case, effect on '/'. but if i want to restrict the subnodes
of '/' i can't express this. but i can for all other nodes than '/'.
eg: using '/*' works but not on '/' which is not intuitive.
was (Author: tripod):
from JCR-2700:
> an empty string restriction forces the ACE to take effect on the node it has
> been applied.
which means in this case, effect on '/'. but if i want to restrict the subnodes
of '/' i can't express this. but i can for all other nodes than '/'.
eg: using '/*' works but on '/' which is not intuitive.
> ACL with glob restrictions does not work on '/'
> -----------------------------------------------
>
> Key: JCR-2937
> URL: https://issues.apache.org/jira/browse/JCR-2937
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: security
> Affects Versions: 2.3.0
> Reporter: Tobias Bocanegra
>
> i tried to define a ACL on '/' that would allow 'read' on '/' itself, but not
> for the nodes underneath. i tried "*", "/*", "./*" but none of them seem to
> do the desired effect.
> eg:
> everyone,allow,jcr:read, '/'
> everyone,deny,jcr:read, '/', glob="/*"
> the same works for a non-root node.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
